DDoS Attacks are Increasing While the Majority of Americans are Still in the Dark

Distributed Denial of Service (DDoS) attacks, such as those that have had the financial sector on high alert since September, make the headlines on an almost daily basis. With some of the biggest organizations in the world falling prey to the tactic, one might think that many - if not most of the general public - has at some point been inconvenienced by a DDoS attack. Yet according to a new study commissioned by Public Interest Registry (PIR), the nonprofit operator of the .ORG domain, the majority of Americans (85%) are "uninformed or ill-equipped to deal with a DDoS attack."

The survey also revealed that only 17% of respondents understood what the acronym D-D-o-S stands for, and 77% admitted flat out that they really had no idea what the commonly used abbreviation even means.

“These findings only show that there is real misunderstanding about DDoS across all ages and levels of expertise, so we must do our part to engage with other Internet service providers and registry operators worldwide to discuss how we can be better prepared and prevent future attacks,” said PIR CEO Brian Cute in a press release on the study.

Additional findings from the PIR study reveal:

The higher the household income, the more knowledgeable Americans were on the subject of DDoS attacks

Respondents with college degrees were not more likely than those without a degree to correctly identify DDoS or know how to respond to an attack

Men were generally more informed on the subject of DDoS attacks than women, with 24% correctly identifying DDoS as a type of network attack compared to 10% respectively

Only 36% of Americans would know where to consult in the event of a DDoS attack, and of those nearly half of respondents 65 years and older know where to find help, compared to only 28% of those 18-24 years old

“It’s in all of our interests – public and individual – to ensure that the Internet remains a safe and protected place for all users... At PIR, we pride ourselves on being a name that people trust, and we’re committed to helping strengthen the safety and security of the Internet by providing the information people need to protect themselves from these attacks,” Cute said.

"No organization connected to the Internet is exempt from possibly experiencing a DDoS attack,” said Stephen Gates, Security Evangelist at Corero Network Security.

Gates notes that today’s traditional technologies like firewalls and IPS solutions were not designed to stop application layer DDoS attacks, and that many of the attackers know this. In fact, in some DDoS attacks, network disruptions may not even be the end goal, as the attackers may be seeking to create a diversion in order to penetrate a network and carry out a more serious attack. Gates says that in order to do that, they may actually target the network's firewall.

"What organizations put in place to protect them actually is being used against them," said Gates. "A new first line of defense has to be put in place to stop unwanted traffic before it hits the firewall and IPS – allowing those technologies to do the jobs they were built to do."

Those concerned about their organization's potential for exposure to DDoS attacks are encouraged to take a free DDoS preparedness assessment test, which provides a customized evaluation and subsequent recommendations based on answers to a short questionnaire. The DDoS assessment, which employs a series of analytical algorithms, can be conducted in a matter of minutes by following the instructions here: DDoS Preparedness Test

Share this post:

You May Also Be Interested In:

Anthony M. Freed is an information security journalist and editor who has authored numerous feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets, including The New York Times, Reuters, The Register, Financial Times of London, MSNBC, Fox News, PC/IT/Computer/Tech World, eWeek, SC Magazine, CSO Magazine, Federal News Radio, The Herald-Tribune, Naked Security, and many more. Anthony was the Managing Editor of Infosec Island, an online community designed for IT and network professionals who manage security, risk and compliance issues.